SUSE-SU-2020:2698-1 Security update for python-pip

This update for python-pip fixes the following issues: - CVE-2019-20916: Fixed a directory traversal in downloadhttpurl bsc1176262...

Debian DLA-2370-1 : python-pip security update

It was discovered that there was a directory traversal attack in pip, the Python package installer. When an URL was given in an install command, as a Content-Disposition header was permitted to have '../' components in their filename, arbitrary local files eg. /root/.ssh/authorizedkeys could be...

[SECURITY] [DLA 2370-1] python-pip security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2370-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb September 11, 2020 https://wiki.debian.org/LTS -...

DLA-2370-1 python-pip - security update

Bulletin has no description...

Python pip directory traversal vulnerability

Python is an open source, object-oriented programming language from the Python Software Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A directory traversal vulnerability exists in Python pip versions prior to 19.2. The vulnerability stems...

PYSEC-2020-173

The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorizedkeys file. This occurs in downloadhttpurl in internal/download.py...

PYSEC-2020-192

The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorizedkeys file. This occurs in downloadhttpurl in internal/download.py...

NewStart CGSL MAIN 6.01 : python-pip Multiple Vulnerabilities (NS-SA-2020-0035)

The remote NewStart CGSL host, running version MAIN 6.01, has python-pip packages installed that are affected by multiple vulnerabilities: - The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA...

Scientific Linux Security Update : python-pip on SL7.x (noarch) (20200512)

Security Fixes : - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure CVE-2018-20060 - python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service CVE-2019-11236 - python-urllib3:...

python-pip security update

...

CVE-2018-20225

A flaw was found in python-pip. The software installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exi...

Moderate: Red Hat Security Advisory: python-pip security update

An update for python-pip is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

RHEL 7 : python-pip (RHSA-2020:2068)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2068 advisory. pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python...

python-pip security update

9.0.3-16 - Add four new patches for CVEs in bundled urllib3 and requests CVE-2018-20060, CVE-2019-11236, CVE-2019-11324, CVE-2018-18074 Resolves: rhbz1649153 Resolves: rhbz1700824 Resolves: rhbz1702473 Resolves: rhbz1643829...

RHEL 8 : python-pip (RHSA-2020:1916)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1916 advisory. pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python...

Moderate: Red Hat Security Advisory: python-pip security update

An update for python-pip is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

EulerOS Virtualization for ARM 64 3.0.6.0 : python-pip (EulerOS-SA-2020-1354)

According to the versions of the python-pip package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request...

Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2020-1354)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CentOS 7 : python-pip (RHSA-2020:0850)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0850 advisory. - The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect...

CentOS: Security Advisory for python3-pip (CESA-2020:0850)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...